A modern airgap to micro-segment BAS across any network transport without fork lift infrastructure upgrades or specialized skills
50% Lower CapEx and
OpEx through BAS
Connect and revoke BAS
97% faster, with little to
no network changes
90% Reduced attack
surface through cloaking,
Penn State University improved security by segmenting their BACnet systems for over 640 buildings
How they did it →
"In less than 20 minutes we deployed our first cloaked overlay network without having to modify systems."
Facility Automation Services,
Penn State University
Segmentation alternatives for BAS
systems are complex and costly
Connecting modern and legacy BAS (including HVAC, lighting, water, elevators, and more) helps you achieve greater cost-efficiencies through centralized control and monitoring. However, securely connecting and segmenting buildings in geographically distributed areas across separate and often shared networks is significantly complex and costly.
This complexity forces organizations
to deal with issues such as:
Increased organizational risk from lack of segmentation and isolation
Decreased building efficiency from lack of centralized data collection
Decreased network performance and up-time due to broadcast storms
Traditional IT solutions are not the answer. Technologies such as firewalls, VPNs, ACLs, and VLANs were not designed for energy environments. They require significant time and expertise to deploy and manage, yet still remain vulnerable to breach due to insufficient security and segmentation.
We have a better solution that solves these challenges.
"It's very user intuitive. We were able to put the solution together right out of the box without any engineering to start with" - Tom Walker, Penn State University.
Simple, secure, and segmented
smart building networks
We deliver peer-to-peer encrypted networks that make it simple to connect and micro-segment BAS across separate buildings and networks, with little to no change to existing infrastructure.
With a simple plug-and-play deployment model, you can now easily and quickly integrate systems across the LAN and WAN, without heavy IT involvement. We enable you to reduce costs through improved efficiency and predictive maintenance with BACnet traffic isolation and centralized control of distributed buildings.
Easily isolate and micro-segment BAS networks off the corporate network
Lower Operational Costs
Securely connect previously separate systems for better business intelligence and improved building efficiency
Better Network Performance
Improve network availability and performance by eliminating broadcast storms
Deployment: no specialized skills needed
Most customers will deploy hardware such as the Airwall 150 in front of buildings in order to cloak and segment the building control systems. Some are even moving towards granular segmentation of systems within the building using the smaller, more cost-effective Airwall 75.
The Airwall relay is the world's first identity-based router that connects systems and buildings across separate networks, and can be deployed on-premises or in the cloud. The Airwall Conductor is the orchestration engine that manages policy for all distributed Airwall Services (Airwall appliances, Airwall servers, and Airwall clients), delivering simple control of the network.
The Airwall Conductor delivers simple and
centralized network control
Eliminate the complex and manual configurations associated with traditional IT solutions through simple point-and-click policy orchestration. Create, deploy, and disconnect overlay networks in seconds, with little to no change to existing network infrastructure.
Policy Orchestration That’s Point-and-Click Simple
Easily create isolated network segments and configure policy using the radio buttons. This simple process replaces the multiple steps of security and network configurations (using network addresses, ports, certificates, ACLs, and VLANs, and more) typically required by IT staff.
Verify overlay network configuration and compliance quickly and easily
The Visual Trust Map allows you to immediately validate communication policy between protected machines, as well as their Airwall services. With greater control of your network, showing segmentation for regulatory compliance reporting and security audits becomes quick and easy.
5 Common Micro-Segmentation
micro-segmentation project on the right foot
Customer Use Case
Learn how Penn State
University securely connected and isolated 640 buildings
Customer Use Case
Learn how one of the world’s largest cruise lines connected and secured its entire fleet’s maritime systems